ISO 42001 certification cost in the UK and Europe (2026): Full breakdown
This guide breaks down the typical cost of ISO 42001 certification from a reputable certification body in the UK and Europe. It also explains the main factors that influence pricing, including organisation size, scope, complexity, and audit duration.
The figures in this guide cover certification audit costs only and do not include consultancy, implementation support, training, remediation work, or software platform costs.
How much does ISO 42001 certification cost in the UK and Europe?
ISO 42001 certification from a reputable-accredited certification body typically costs between £4,000 (~€4,700) and £20,000 (~€23,500)+ VAT. The exact figure depends on audit duration, which is influenced by factors such as organisation size, AI complexity, risk profile, certification scope, and the AI roles included within the management system.To help organisations budget, Tempo Audits' three size-based benchmarks provide a practical indication of what certification may cost at different stages of growth:
- 1-10 employees: Typically, at the lower end of the range
- SMEs with around 30 employees: Typically fall within the mid-range
- 100+ employees: Generally attract higher certification costs due to longer audit durations and broader audit scopes
In addition to the initial certification audit, organisations should budget for annual surveillance audits to maintain certification. These costs vary by organisation size and complexity and are charged separately from the certification audit.Important note: While Tempo's benchmarks provide a useful starting point, the final cost will depend on your organisation's structure, AI risk profile, certification scope, and readiness for audit.
Key things to know about ISO 42001 certification costs (A quick glance)
What is included in the ISO 42001 certification cost?
ISO 42001 certification follows a structured three-year cycle governed by ISO/IEC 42006 and accreditation requirements. Rather than a one-off audit, certification includes an initial assessment, annual surveillance audits, and recertification to demonstrate ongoing compliance.
Stage 1: Documentation readiness review
Stage 1 assesses whether your AI Management System (AIMS) is ready for full certification. Auditors review key documentation, confirm the certification scope, evaluate readiness for Stage 2, and identify any gaps that should be addressed before the main audit.Typically includes:
- Audit planning and scope confirmation
- Review of policies, procedures, and AIMS documentation
- Readiness assessment against ISO 42001 requirements
- Initial evidence review
- Gap identification and recommendations for Stage 2
Stage 2: Full AIMS assessment
Stage 2 is the main certification audit. Auditors assess how your AI Management System operates in practice, gathering evidence through interviews, document reviews, process testing, and control validation. At a Stage 2 audit, for an auditor to issue a certificate, they need to find "sufficient objective evidence" of conformity for every clause and applicable control, so the auditor will spend time reviewing conformity.Typically includes:
- Interviews with relevant personnel
- Evidence gathering and record sampling
- Assessment of AI governance and risk controls
- Review of the Statement of Applicability
- Non-conformity review and technical sign-off
- Certification decision and certificate issuance
Surveillance audits (Annual)
Surveillance audits take place annually during Years 2 and 3 of the certification cycle. These audits verify that the management system remains effective and continues to meet ISO 42001 requirements.Typically includes:
- Review of management reviews and internal audits
- Assessment of corrective actions and continual improvement
- Verification of significant organisational or AI system changes
- Risk-based sampling of controls and processes
- Ongoing compliance checks against the certified scope
Recertification (Every 3 years)
At the end of the three-year certificate cycle, a recertification audit is required to renew certification for a further 3 year cycle. This audit is more comprehensive than a surveillance audit, being similar to a Stage 2 audit in terms of the auditor needing to find objective evidence of conformity against every applicable clause and control to be able to issue a new certificate). In so doing, the auditor reassesses the effectiveness of the full AIMS.Typically includes:
- Full review of the management system
- Assessment of changes to scope, locations, or activities
- Verification of continual improvement activities
- Reassessment of risks, controls, and governance arrangements
- Certification renewal for a new three-year cycle (once any non-conformities are closed after the audit)
Ongoing certification
Certification also involves ongoing coordination between your organisation, the certification body, and accreditation requirements. As your business evolves, additional audits may be required for significant scope changes, acquisitions, new locations, or major AI activities added to the certified management system.Tempo manages the certification programme throughout the cycle, including surveillance scheduling, recertification planning, and any scope extension audits required as your organisation grows.
What affects ISO 42001 certification costs
Most cost differences are driven by audit duration rather than arbitrary pricing. ISO/IEC 42006 sets rules for calculating audit time, starting with organisation size and then adjusting based on factors such as AI roles, complexity, locations, and risk profile. As a simple example, an 8-day audit will generally cost around twice as much as a 4-day audit.
Company size
Organisation size is the starting point for audit duration calculations. ISO/IEC 42006 contains a headcount table that establishes baseline audit days before any complexity adjustments are applied.The headcount bands include:11-15 people
- 11-15 people
- 16-25 people
- 26-45 people
- 46-65 people
- 66-85 people
- 86-125 people
Additional tiers continue beyond this point for larger organisations.Headcount can include employees, contractors, and temporary workers involved in the AI Management System (AIMS). Some organisations may choose to limit certification scope to specific departments, such as AI development or product teams, which can reduce the number of people included in the calculation. Part-time workers are generally counted on a full-time equivalent (FTE) basis.
AI roles included within scope
One of the biggest drivers of audit duration under ISO 42006 is the "AI roles" included within scope of certification. ISO 22989 defines several AI lifecycle roles, including AI provider, AI producer, AI developer, AI deployer, and AI user. An organisation acting solely as an AI user for their certification, will require a shorter audit than a business that is an "AI producer".Likewise, a company operating across multiple AI roles will require more audit time than an organisation covering a single role. This is because auditors must assess additional governance arrangements, controls, responsibilities, and risk management processes across the AI lifecycle - and more controls will be applicable.Where an organisation performs more than one AI role, the increase in audit duration can be significant and should be considered when planning certification budgets and implementation timelines.
Complexity
Beyond size and AI roles, several complexity factors can increase audit duration and therefore certification costs.Common examples include:
- Multiple sites or operating locations
- Multiple AI systems within the AIMS scope
- High-risk or sensitive AI use cases
- AI used in regulated sectors such as healthcare, financial services, critical infrastructure, or public services
- AI systems that may affect personal rights, safety, or legal outcomes
- Large numbers of third-party suppliers or AI service providers
- Complex contractual and governance arrangements
- Multiple regulatory frameworks that need to be managed within the AIMS
The more complexity an auditor must assess, the more audit time is generally required.
Certification body fees
Certification bodies apply different daily audit rates, which can affect the overall cost of certification. Pricing differences are often influenced by factors such as accreditation status, geography, auditor expertise, industry specialisation, and audit delivery model. Certification fees typically cover:
- Audit planning
- Stage 1 audit delivery
- Stage 2 audit delivery
- Audit reporting
- Non-conformity review and closure
- Technical review and certification decision
- Certificate issuance
Remote vs on-site audits
Choosing a remote audit can reduce travel and accommodation costs, particularly for organisations operating across multiple locations or countries. While these savings are usually modest compared to audit fees, they can help lower the overall cost of certification.Remote audits can also be less disruptive for internal teams. Evidence reviews, interviews, and document assessments can be scheduled more flexibly, helping organisations move through the certification process with minimal impact on day-to-day operations.As a remote-first certification body, Tempo Audits has designed its audit process around secure evidence sharing, efficient scheduling, and effective remote collaboration. This allows organisations to achieve certification without the additional cost and complexity that often comes with on-site audits.
Number of locations
The number of locations included within scope can have a direct impact on audit duration.Additional sites often require:
- More evidence sampling
- Additional interviews
- Increased coordination
- Review of local processes and controls
- Assessment of governance consistency across locations
That said, AI Management Systems for many tech companies have little physical presence in comparison with other standards like ISO 27001 or ISO 9001 - and therefore the impact of multiple sites is lessened.
Implementation method: In-house vs consultant
Certification bodies are permitted a degree of flexibility when applying ISO/IEC 42006 audit duration rules, provided there is sufficient justification.Where an organisation has implemented a well-structured AI Management System, maintained strong documentation, and prepared thoroughly for certification, auditors may be able to complete activities more efficiently.Similarly, organisations supported by experienced consultants who have delivered multiple ISO 42001 implementations may present fewer readiness issues during the audit process. In some circumstances, this can support a justified reduction in audit duration and associated certification costs.
How is the ISO 42001 certification cost calculated?
The starting point for ISO 42001 certification pricing is audit duration. Certification bodies determine the number of audit days required using the methodology set out in ISO/IEC 42006, which establishes a baseline based on the number of people covered by the AI Management System (AIMS).From there, auditors assess factors such as the AI roles included within scope, organisational complexity, locations, and risk profile. These factors can increase or, in some circumstances, reduce the final audit duration.Once the required audit days have been determined, the certification body applies its audit rates to produce the final certification quote.
Tempo Audits: ISO 42001 audit day and cost guide (Stage 1 + Stage 2)
The figures below show typical market ranges for initial ISO 42001 certification audits (Stage 1 and Stage 2 combined). Actual costs will vary depending on your certification scope, AI roles, risk profile, and organisational complexity, although Tempo's pricing typically sits towards the lower end of the market range.The audit days shown include planning, audit delivery, report writing, technical review, and certification activities. As a general rule, clients should expect around 70-75% of the listed audit days to involve direct auditor engagement, with the remaining time allocated to preparation, reporting, and certification administration.
How to reduce ISO 42001 certification costs
Although ISO/IEC 42006 largely determines audit duration, organisations still have some control over certification costs.
1. Limit scope by reducing headcount under AIMS
Certification scope has a direct impact on audit duration. Where justified, some organisations choose to certify specific business units, teams, or functions rather than the entire organisation.For example, a technology company may certify only its AI product and development/engineering teams rather than all business operations. This can reduce the number of people included in the audit calculation and lower certification costs.Any scope exclusions must be justifiable, agreed by the certification body, and clearly reflected on the certificate.
2. Define AI roles carefully
The AI roles included within scope can significantly affect audit duration. Organisations should ensure the certification scope reflects genuine business requirements rather than automatically including every possible AI role.For example, an organisation acting as an AI provider may not necessarily need AI usage activities within scope if they are not critical to the certified management system or the activities of the business. However, any exclusions must be supported by evidence and accepted by the auditor.
3. Use experienced consultants or proven platforms
Certification bodies may be able to complete audits more efficiently when organisations arrive well prepared. Working with experienced ISO 42001 consultants or established compliance platforms can improve documentation quality, governance maturity, and audit readiness.The objective is not to reduce audit rigour, but to reduce the time spent resolving avoidable issues during the certification process.
4. Prepare documentation early
Good documentation won't dramatically reduce certification costs on its own. Under ISO/IEC 42006, audit duration is primarily driven by factors such as headcount, scope, AI roles, and complexity rather than the quality of documentation.However, as Tempo Audits Founder Rob Hall notes, well-prepared evidence from a structured and familiar management system can sometimes support a modest reduction in audit effort. More importantly, it helps audits run more smoothly by reducing delays, minimising clarification requests, and making it easier for auditors to review controls and supporting evidence.The biggest benefit is usually not lower certification costs, but a faster, more efficient audit experience with fewer surprises during Stage 1 and Stage 2.
5. Choose a remote-first audit model
Remote audits remove travel and accommodation costs and can reduce disruption for internal teams. For organisations operating across multiple sites or countries, remote evidence reviews and interviews are often easier to coordinate.
6. Use Full-Time Equivalent (FTE) calculations correctly
Audit duration is based on the number of people operating within the AIMS. Where part-time workers are included, certification bodies typically calculate headcount using full-time equivalents (FTEs).This can make a meaningful difference around headcount thresholds. For example, two employees working 50% of their time within scope may be counted as one FTE rather than two full-time employees.
7. Train key staff before the audit
Employees involved in the AIMS should understand their responsibilities, controls, and governance processes before certification begins. Well-prepared teams can provide clearer evidence during interviews, reduce follow-up questions, minimise delays, and lower the likelihood of non-conformities that require additional corrective action after the audit.
How Tempo Audits keeps ISO 42001 certification costs transparent
One of the biggest frustrations with certification projects is unclear pricing. Tempo Audits uses a transparent audit-day model based on ISO/IEC 42006 requirements, so organisations can understand how costs are calculated and what is included at each stage of the certification cycle.
Example: 150-person organisationA company with around 150 employees operating under its AI Management System (AIMS) would typically fall within the 126-175 employee audit band. Depending on the AI roles included within scope and the overall complexity of the organisation, initial certification would typically range from £9,000 (~€10,530) to £17,500 (~€20,475) for Stage 1 and Stage 2 combined, as per the cost guide table shared earlier in the article - with the lower end being if they are only including AI usage or AI provider in scope, and the higher end if they're including more than one of AI provider, AI producer and AI usage in scope. The organisation would then budget separately for annual surveillance audits and recertification at the end of the three-year cycle.
Tempo maintains pricing transparency through:
- Clear ISO/IEC 42006 audit-day calculations, so organisations understand how audit duration is determined.
- Remote-first audits, helping minimise travel-related costs and operational disruption.
- Strong emphasis on preparation and readiness, reducing avoidable delays and corrective work during certification.
For a transparent ISO 42001 certification quote, contact Tempo Audits today.
Reviews
Trusted by fast-moving tech teams across the world who value a more human audit experience.

FAQs
Trusted by fast-moving tech teams across the world who value a more human audit experience.
ISO 42001 certification follows a three-year certification cycle rather than a one-off audit. Organisations complete an initial Stage 1 and Stage 2 certification audit, followed by annual surveillance audits in Years 2 and 3, before undergoing recertification at the end of the three-year cycle.Typical annual surveillance audit costs range from £1,600-£9,000 (€1,872–€10,530) depending on organisation size, certification scope, and complexity. Recertification audits are typically more comprehensive and are priced separately from surveillance activities.
In practice, organisations do not usually "fail" an ISO 42001 audit. Where auditors identify non-conformities, organisations are given the opportunity to address them before certification is granted or maintained.The impact on cost depends on the type and number of findings:
- Minor non-conformities are addressed through corrective action plans and evidence submission on how the company plan to close them in the coming months. The auditor will sign them off, and once approved, certification can be issued.
- Major non-conformities require remediation to be finalised before they're closed, and certification can be awarded.
- Additional charges generally only arise if significant extra audit time is required to verify corrective actions.
There is therefore no fixed cost for "failing" an audit. Instead, any additional costs relate to the effort required to close outstanding findings (which is a requirement in ISO 42006). At Tempo Audits, the cost of closing up to five non-conformities is included within the standard certification fee. Where more than five findings are raised, additional audit time is charged in increments of 0.25 audit days (£250 (€293)) for each additional group of up to five non-conformities, or part thereof.In reality, most organisations do not exceed five findings during the certification process.
Yes. Where both certification bodies are accredited by UKAS or another recognised IAF accreditation body, there is a defined certification transfer process. This allows organisations to transfer certification without restarting the entire certification cycle. The incoming certification body reviews existing certification records, audit history, and certification status before accepting the transfer.Non-accredited certifications are different. Because there is no recognised accreditation framework governing transfers, organisations may be required to undergo a new certification process if they later move to an accredited certification body.
No. Tempo Audits' certification fees cover the independent certification audit process only, including:
- Stage 1 audit
- Stage 2 audit
- Annual surveillance audits
- Recertification audits
- Certification decision and certificate issuance
Consultancy, implementation support, training, internal resource costs, and compliance platforms are separate services and are not required to obtain certification.
Book a call
No forms, no faff – just a conversation and a quote. Prefer to skip straight to it? Fill out the application form and we'll get moving.
Alternatively, if you have all the details,
fill out this form here.





